I have a question regarding running nxlog with the om_udpspoof module inside of a docker container. It appears that I should be able to do this, but in practice it does not work. I have tried the following:
hi there, I have a query. Got Windows servers with MS SQL installed and the NXLog 32 bits agent installed. Unfortunately no SQL logs are seen on our SIEM solution (Alienvault) and it seems the issue is because we should use the 64 bits agent (available for the Enterprise edition only). Has anyone experienced the same? Any tips? Any help would be appreciated
Many thanks!
Hi,
Regarding the Elasticsearch module:
Currently, I am using Nxlog Manager, NxLog agent and I want to send the log to elasticsearch. Where I should put the elastic username and password on NXLog config file?
Thanks
Hi,
I want to convert one of the field in audit message from hex to String for better readability. Could you please let me know if there is any function available for this?
Thanks,
Mahantesh
Hi,
Regarding the File Integrity Monitoring module:
1. Is it possible to detect the user who performs the changes? Currently, there is no detail of who made the changes in the NXLog logs.
2. What is the recommended scan-interval to be set? Will it affect the performance of the system?
Thank You
